Lucene search

SiemensCVELIST:CVE-2024-39870

HistoryJul 09, 2024 - 12:05 p.m.

CVE-2024-39870

2024-07-0912:05:26

CWE-602

siemens

www.cve.org

vulnerability

sinema remote connect server

local authenticated user

modify users

escalate privileges

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CVSS4

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

EPSS

Percentile

9.2%

JSON

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges.

CNA Affected

[
  {
    "vendor": "Siemens",
    "product": "SINEMA Remote Connect Server",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "V3.2 SP1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

cert-portal.siemens.com/productcert/html/ssa-381581.html

CVSS3

6.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

CVSS4

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/SC:N/VI:N/SI:N/VA:H/SA:N

EPSS

Percentile

9.2%

JSON

Related for CVELIST:CVE-2024-39870